PoPI: reinforcing the value of digital ethics?

Mar 17, 2017

Much has been made about the introduction of the Protection of Personal Information Act (or PoPI) in terms of how it will potentially limit the rate at which the local cloud computing and managed services markets is growing.
Companies have also pushed back in terms of how the act will affect their internal systems and processes, writes John Tadman, country manager at Avanade South Africa.
Given that there is arguably already a trust equation in place between modern consumers and the digital businesses they interact with, businesses should not use PoPI to distract from some of the key issues at hand having a greater impact on the South African industry including a lack of digital ethics uptake, slow infrastructure rollout and high data costs.
While the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information, one could argue that this should be seen as complementary to digital ethics’ practices companies should already have started putting in place. In a world where trust is becoming the cornerstone of customer relationships, it is no longer enough for organisations to meet compliance and security obligations; they should have started implementing a digital ethics framework. This framework should not only define how a company innovates and does business with its customers, but also how its employee information is used and managed.
According to Gartner, digital ethics is the system of values and principles a company may embrace when conducting digital interactions between businesses, people and things. It sits at the nexus of what is legally required: what can be made possible by digital technology and what is morally desirable. Based on this, one can see the introduction of PoPI as a positive point of departure for the formalisation of a culture of digital ethics locally. It will ensure more secure treatment of personal data by companies, and the need to comply with its provisions will accelerate the implementation of best practices in information management.
That being said, it must be noted that a more humanist approach is typically needed for digital ethics than other governance frameworks – and most companies therefore have a long way to go in this respect. Because there is no one-size-fits-all approach, businesses must assess the ethical implications of data usage from the perspective of their customers. Each organisation must consider its own customers and what they would find to be an acceptable use of data and technology to deliver products and services.
In a similar way, expectations will differ from industry-to-industry and region-to-region, as well as in the context of online versus human interactions. In a country, as diverse as South Africa, companies need to carefully consider what would be in their customers’ best interests. For example, would a customer be comfortable with brands and banks recommending products and services in the real world based on behaviours that cookies have tracked online?
Conversely, would a customer be comfortable receiving a bad health prognosis digitally, rather than from a human? As such, a company’s digital ethics framework needs to go beyond data storage and usage (i.e. beyond what technology makes possible and what is legally permissible) and facilitate consideration of what is morally desirable for the customer, not just what is possible with technology or legally permissible.
While PoPI is one thing, it therefore shouldn’t overshadow the need for the adoption of a much stronger and more robust culture of digital ethics in South Africa. It also shouldn’t distract from other critical conversations that we as an industry need to continue to have – including around slow infrastructure rollout and high data costs – as these have a direct impact on our clients and customers. As we move into an era of technology, the likes of which we never imagined, where questions around “can we?” and “is it technically possible?” are now irrelevant, it’s time to shift our thinking to “should we?” and the possibilities our actions and decisions will enable.